<?php
	
	require_once('../includes/config.php');
	require_once('../includes/functions.php');
	
	// Retrieve base HTML
	$pageStr = buildStandardPage('Change Password','Change Password');
	
	/**
	 * Let's generate the content we want to display in this page
	 */
	$content = '';
	
	if(isMobile()){
		$content .= 'Detected Mobile!';
	}
	else{			
		/**
		 * Check if the user already clicked the 'submit' button
		 *   This means they sent their info to the server!
		 */
		if(true == isset($_POST['submit'])){				
				// Clean the information the user submitted to the website
				// this prevents SQL injection
				$_POST = cleanPost($_POST);
				
				// get the user's info
				$query = buildSelectStatement('user', array('email' => $_POST['email']));				
				$result = executeSQL($query, 'authentication/forgot.php - Connecting to the database failed');
				
				$userInfo = mysql_fetch_assoc($result);

				if($userInfo){
					$content .= 'Please enter your email address.<br/><br/>';
					$content .= '<form method=POST action=' . $AUTH_URL .  'changePassword.php onsubmit="return validateLoginForm(this);">';
					$content .= '<input type=hidden value=' . $userInfo['id'] . ' name=id >';
					$content .= '<input type=hidden value="' . $userInfo['answerhash'] . '" name=answerhash >';
					$content .= '<input type=hidden value=' . $userInfo['email'] . ' name=email >';
					$content .= '<input type=hidden value=' . $userInfo['salt'] . ' name=salt >';
					
					$content .= '<table><tr><td>Question</td><td><input type=text value="' . $userInfo['question'] . '" style="width:300px;" DISABLED></td></tr>';
					$content .= '<tr><td>Answer</td><td><input type=text name=answer ></td></tr>';
					$content .= '<tr><td></td> <td><input type=submit name=submit value=Submit >';
					$content .= '<input type=button value=Cancel onclick="window.location=\'' . $AUTH_URL . '\'" ></td></tr>'
					.'<tr><td></td><td>Not a member? - <a href="'. $USERS_URL .'add.php" >Register Here</a></td></tr></table>';
					$content .= '</form>';
				}
				else{ // the user provided an invalid email address
					$content .= $BAD_USERNAME_OR_PASSWORD;
				}
		}
		/**
		 * The user hasn't logged in yet so we need to give them a form to sign in.
		 */
		else{

			// Display the user's question and an empty textbox for the answer!

			/** 
			 * This form will send data back to the server through a POST!
			 * onsubmit - calls a javascript function to validate the user's input on the client's machine
			 * 
			 * ask the user for a username and a password 
			 * give the user two options: login or cancel
			 */
			$content .= 'Please enter your email address.<br/><br/>';
			$content .= '<form method=POST action='. $_SERVER['PHP_SELF']. ' onsubmit="return validateLoginForm(this);">';
			$content .= '<table><tr><td>Email</td> <td><input type=text name=email></td></tr>';
			$content .= '<tr><td></td> <td><input type=submit name=submit value=Submit >';
			$content .= '<input type=button value=Cancel onclick="window.location=\'' . $AUTH_URL . '\'" ></td></tr>'
			.'<tr><td></td><td>Not a member? - <a href="'. $USERS_URL .'add.php" >Register Here</a></td></tr></table>';
			$content .= '</form>';
			
		}
	}
	
	/**
	 * Replace the content string
	 */
	$pageStr = str_Replace('<!--content-->', $content, $pageStr);
	
	/**
	 * Send the generated HTML to the client's browser
	 */
	echo $pageStr;
	
?>